Method and apparatus for identity theft prevention

ABSTRACT

A system and method issues a credit card or other credit instrument to a user by first obtaining authorization and authentication from the user.

RELATED APPLICATIONS

This application claims the benefit of U.S. provisional patent application Ser. No. 60/473,175 entitled, “Identity Theft Application Prevention” filed on May 22, 2003 by Scott James Loftesness and Carol Coye Benson and is incorporated herein by reference in its entirety.

FIELD OF THE INVENTION

The present invention is related to computer software and more specifically to computer software for financial services.

BACKGROUND OF THE INVENTION

Identity theft in the United States is already a large and rapidly growing problem. A recent estimate by analyst Jim Hurley of the Aberdeen Group indicate it is growing at 300% annually from a base estimated at $221 billion in financial losses in 2003. Quoting from his analysis:

-   -   Profits are high; risks are low. At $9,800 per-incident,         identity theft is paying much better than bank robbery, while         organized identity theft criminal rings are largely immune from         criminal prosecution. (See: The Business of Identity Theft—Not         Just a Consumer Problem, Aberdeen Group, May 2003)

Visa and its member banks have a serious interest in preventing identity theft, and in helping consumers—and defrauded banks—minimize any losses when identity theft occurs. The Role of Bank Cards in Identity Theft One technique that identity thieves use is to establish new, fraudulent credit card accounts using stolen names, Social Security numbers, and other supporting identification. Although this is only one of the many types of crimes identity thieves commit, the relative ease with which this can be accomplished is one of the primary reasons for the growth of identity theft. Quite simply, the ability to open new, fraudulent credit card accounts and to use these cards to purchase goods or obtain cash advances is one of the financial beacons that attracts many identity thieves. Industry initiatives (such as Visa's recent announcement of an identity theft management program in cooperation with Call to Action) focus primarily on what consumers should do to protect their personal information or to help minimize the impact once an identity theft has already occurred. Credit bureaus have programs designed to help consumers manage post-incident identity theft and, through various email-based alert programs, help consumers detect identity theft earlier. New startups have emerged which are also attempting to address the problem of identity theft. For example, San Diego-based IDanalytics, a startup funded last fall by Canaan Ventures and Trinity Ventures, recently announced it was working with thirteen leading credit grantors to apply pattern recognition technology to detect and prevent identity theft at the point of application. Participating companies include Citibank, Dell, Diners Club, Discover Financial Services, First North American National Bank and Sprint (See: “Software Helps Spot Fraud in Credit Applications”, Wall Street Journal, May 14, 2003). IDanalytics claims its system can identify 15% to 40% of fraudulent applications. Importantly, there is no mechanism that guarantees to a consumer that identity theft will not occur.

SUMMARY OF INVENTION

A system and method can be utilized by credit grantors in the United States to obtain consumer assurance and agreement prior to opening new credit accounts thereby significantly reducing the possibility of successful identity theft being perpetrated.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is a block schematic diagram of a conventional computer system.

FIG. 2 is a flowchart illustrating a method of issuing a credit card or other credit instrument to a user according to one embodiment of the present invention.

DETAILED DESCRIPTION OF A PREFERRED EMBODIMENT

The present invention may be implemented as computer software on a conventional computer system. Referring now to FIG. 1, a conventional computer system 150 for practicing the present invention is shown. Processor 160 retrieves and executes software instructions stored in storage 162 such as memory, which may be Random Access Memory (RAM) and may control other components to perform the present invention. Storage 162 may be used to store program instructions or data or both. Storage 164, such as a computer disk drive or other nonvolatile storage, may provide storage of data or program instructions. In one embodiment, storage 164 provides longer term storage of instructions and data, with storage 162 providing storage for data or instructions that may only be required for a shorter time than that of storage 164. Input device 166 such as a computer keyboard or mouse or both allows user input to the system 150. Output 168, such as a display or printer, allows the system to provide information such as instructions, data or other information to the user of the system 150. Storage input device 170 such as a conventional floppy disk drive or CD-ROM drive accepts via input 172 computer program products 174 such as a conventional floppy disk or CD-ROM or other nonvolatile storage media that may be used to transport computer instructions or data to the system 150. Computer program product 174 has encoded thereon computer readable program code devices 176, such as magnetic charges in the case of a floppy disk or optical encodings in the case of a CD-ROM which are encoded as program instructions, data or both to configure the computer system 150 to operate as described below.

In one embodiment, each computer system 150 is a conventional SUN MICROSYSTEMS ULTRA 10 workstation running the SOLARIS operating system commercially available from SUN MICROSYSTEMS, Inc. of Mountain View, Calif., a PENTIUM-compatible personal computer system such as are available from DELL COMPUTER CORPORATION of Round Rock, Tex. running a version of the WINDOWS operating system (such as 95, 98, Me, XP, NT or 2000) commercially available from MICROSOFT Corporation of Redmond Wash. or a Macintosh computer system running the MACOS or OPENSTEP operating system commercially available from APPLE COMPUTER CORPORATION of Cupertino, Calif. and the NETSCAPE browser commercially available from NETSCAPE COMMUNICATIONS CORPORATION of Mountain View, Calif. or INTERNET EXPLORER browser commercially available from MICROSOFT above, although other systems may be used.

Banks in the United States that offer credit cards currently use a service created by Visa and MasterCard called the Issuers' Clearinghouse Service (ICS). ICS provides credit grantors with certain limited shared information about card applicants. In one application of this invention, Visa could help its cardholders by addressing one of the major sources of identity theft. By offering a mechanism that requires the active consent of a cardholder prior to opening a new Visa card account. Let's call that mechanism “Proof Positive from Visa”. In so doing, Visa could provide “proof positive” to both the cardholder and the potential new Visa card issuer that only the real cardholder has, in fact, requested the new credit card account. The Proof Positive mechanism would leverage the investments already made in the Issuers' Clearinghouse Service developed by Visa and MasterCard. Currently, Visa and MasterCard issuers are required to report and check all new Visa card applications against the ICS database. In response, ICS provides them with information that assists in making the credit granting decision for a new account. Proof Positive would enable Visa to guarantee that cardholders who register to participate in the program would never experience new account Visa card-related identity theft.

FIG. 2 is a flowchart illustrating a method of issuing a credit card or other instrument to a user according to one embodiment of the present invention. One way that Proof Positive from Visa (“PPfV”) could work is as follows: A Visa cardholder would register 210 an existing Visa card for PPfV with a participating issuing bank online. If not already enrolled in Verified by Visa (“VbV”) 212, the cardholder could enroll 214 in VbV (or another means of authentication) for that card. Through this process, that specific Visa issuer becomes the PPfV registered issuer for that consumer. The issuer then enters 216 the cardholder's primary PPfV card number and Social Security Number (SSN) into the ICS (or other) database which then sets 218 a PPfV-enrolled indicator for that SSN. The issuer may be identified from the card number or an identifier of the issuer may also be entered into the ICS or other database.

As usual with ICS, all new Visa card applications would continue to be sent 220 through ICS which would perform an additional check 222 to determine if the SSN on the application submitted matched a registered PPfV cardholder. If an SSN match occurred 224, the new card issuer would be notified 226 by ICS and would not be able to proceed with issuing the new card until it had received an additional clearance message from ICS, and if an SSN match did not occur 224, the new card issuer could issue the card 250 or attempt other methods of authentication and authorization. ICS would notify 230 the PPfV registered card issuer for that cardholder that a PPfV verification is now requested or required from their cardholder. The PPfV registered card issuer would then send 232 an email or other communication to the cardholder requesting that the cardholder authorize or decline issuance of the new card. (Note that this email confirmation process could be performed on the issuer's behalf by Visa as an adjunct service to ICS.) The email would contain an active link which, when selected by the cardholder (or if the cardholder otherwise indicated assent to the card being issued) 234, would trigger 236 a pop-up window requesting VbV or other authentication 238 and explicit cardholder approval (or decline) for opening the new account and such approval or decline would be received 240. The results of the authentication and approval/decline would be sent 242 by the PPfV registered card issuer to ICS (unless ICS was receiving the approval or decline directly). Based on the results of the authentication and approval process 244, ICS would then notify the new card issuer that they are either “good to go” 246 or forbidden to issue the card 248 and the new card issuer would issue 250 the card only if the good to go notification was received and would not issue the card if they were notified that they were forbidden to issue the card 252. Through the use of ICS as a trusted, neutral, third party, in one embodiment, neither of the two issuers participating in this process would know the identity of the other issuer. With this basic design, the PPfV card issuer would receive notification that the consumer may be attempting to open a new card account with a different issuer. Alternative designs may be able to completely eliminate the PPfV issuer notification should it be considered problematic. For example, in one alternative implementation the ICS system could directly obtain a purchase authorization request from one of several proxy merchants in order to obtain a VbV validation response from PPfV issuer. The present invention applies to the issuance of all credit instruments, not just credit cards. 

1. A method for preventing an unauthorized issuance of a credit instrument, the method comprising: associating by a first party a means of communication with an identifier of a user; providing from a second party to the first party the identifier of the user responsive to the second party attempting to have issued the credit instrument to that user; contacting the user by the second party responsive to the providing step; authenticating the user responsive to the contact; receiving from the user an indication of whether the user assents to the issuance of the credit instrument; and issuing the credit instrument responsive to the authentication and the indication of assent.
 2. The method of claim 1 wherein the providing step is performed via a third party.
 3. The method of claim 2 wherein the providing step is performed in a manner that does not reveal an identity of the first and second parties to one another.
 4. A method comprising: receiving information regarding an application for the issuance of a payment instrument along with a consumer identifier; determining, by a computer system, if the consumer identifier matches a stored consumer identifier; and sending an alert to a consumer associated with the consumer identifier after determining, by the computer system, if the consumer identifier matches the stored consumer identifier.
 5. The method of claim 4 wherein the payment instrument is a credit card.
 6. The method of claim 4 wherein the consumer identifier is a social security number.
 7. The method of claim 4 wherein sending the alert to the consumer comprises sending the alert to a phone of the consumer.
 8. The method of claim 4 further comprising issuing the payment instrument by an issuer bank if the consumer identifier does not match the stored consumer identifier.
 9. The method of claim 4 wherein the payment instrument is a first payment instrument, and wherein the information regarding the application is received from a first issuer and the stored consumer identifier is stored in response to enrollment of a second payment instrument of the consumer in an authentication program, wherein the second payment instrument is issued by a second issuer.
 10. The method of claim 9 wherein the computer system is part of the Issuer's Clearinghouse Service.
 11. The method of claim 10 wherein the first and second issuers are not aware of each other's identity as the method is performed.
 12. The method of claim 10 further comprising receiving a response to the alert, from the consumer.
 13. The method of claim 4 wherein sending an alert to the consumer comprises sending an e-mail to the consumer.
 14. The method of claim 13 wherein the e-mail contains an active link which triggers a pop up window requesting that the consumer approve of the application.
 15. A computer system comprising a processor and a computer readable medium coupled to the processor, the computer readable medium comprising code, executable by the processor to implement a method comprising: receiving information regarding an application for the issuance of a payment instrument along with a consumer identifier; determining if the consumer identifier matches a stored consumer identifier; and sending an alert to a consumer associated with the consumer identifier after determining if the consumer identifier matches a stored consumer identifier.
 16. The computer system of claim 15 wherein the payment instrument is a credit card.
 17. The computer system of claim 15 wherein the consumer identifier is a social security number.
 18. The computer system of claim 15 wherein sending an alert to the consumer associated with the consumer identifier comprises sending an e-mail to the consumer.
 19. The computer system of claim 15 wherein the payment instrument is a first payment instrument, and wherein the information regarding the application is received from a first issuer and the stored consumer identifier is stored in response to enrollment of a second payment instrument of the consumer in an authentication program, wherein the second payment instrument is issued by a second issuer.
 20. The computer system of claim 19 wherein the first and second payment instruments are credit cards. 